Yep, but X-Auth can be disabled.
But the problem here sounds like remote network mismatch.
Daniele
Sikosis wrote:
> I thought Cisco uses X-Auth which is why it's not supported by m0n0 ?
>
>
> On 9/15/05, Stovall, Adrian M. <Adrian dot Stovall at durez dot com> wrote:
>
>>I don't know (and I'll have to ask the admin at the site the m0n0wall
>>box is at...that end of the tunnel is a new part of our network that
>>we're trying to get connected).
>>
>>Where do I tell him to look to find out?
>>
>>
>>Adrian Stovall
>>
>>#-----Original Message-----
>>#From: Jonathan S. Romero [mailto:jromero at raydiance dash inc dot com]
>>#Sent: Wednesday, September 14, 2005 2:49 PM
>>#To: Stovall, Adrian M.
>>#Cc: m0n0wall at lists dot m0n0 dot ch
>>#Subject: Re: [m0n0wall] Cisco - M0n0wall ipsec VPN question
>>#
>>#Does m0n0wall use explicit congestion notification? These
>>#symptoms sound like something I was experiencing last week on
>>#a linux system.
>>#
>>#-JonnyRo
>>#
>>#On Wed, 2005-09-14 at 14:23 -0500, Stovall, Adrian M. wrote:
>>#> Hi all.
>>#>
>>#> I have a peculiar problem between a Cisco router and a m0n0wall box
>>#> running the latest beta.
>>#>
>>#> Here are the symptoms and some details (more detailed ones are
>>#> hopefully coming soon):
>>#>
>>#>
>>#> pings sent from the cisco side of the tunnel will bring the tunnel up
>>#> with no problem.
>>#>
>>#> pings sent from the m0n0 side will not bring the tunnel up.
>>#>
>>#> normal TCP connections initiated from the cisco side of the tunnel are
>>#> successful (tested with browsers and remote administrator).
>>#>
>>#> normal TCP connections initiated from the m0n0 side of the tunnel are
>>#> unsuccessful (telnets to any given port result in timeouts).
>>#>
>>#> pings in both directions to devices on the internal networks on the
>>#> opposing side of the tunnel work fine up to 992 bytes.
>>#>
>>#> MTU on the ethernet interface of the cisco is set to 1380.
>>#>
>>#> MTU on the internal (and external) interface of the m0n0 box is set to
>>#> 1500.
>>#>
>>#> Both routers are connected to the internet via T-1's (m0n0wall is in
>>#> Detroit on a connection from BrightHouse, cisco is in Dallas on a
>>#> connection from Qwest).
>>#>
>>#> At this point, I've seen in the m0n0wall logs that all traffic
>>#> destined for the other side of the tunnel is allowed, and that there
>>#> are no incoming packets getting denied on the cisco, so I'm shying
>>#> away from packet-filtering trouble.
>>#>
>>#> Does anyone have any ideas on what I should be looking at next? The
>>#> idea of a one-way tunnel is interesting, but not especially handy.
>>#>
>>#>
>>#>
>>#> Adrian Stovall
>>#>
>>#>
>>#>
>>#>
>>#> ---------------------------------------------------------------------
>>#> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>#> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>#>
>>#--
>>#Jonathan S. Romero <jromero at raydiance dash inc dot com> Raydiance Inc.
>>#
>>#
>
>
>
--
best regards
------------------------------------------------------------------
Daniele Guazzoni
Senior Network Engineer, CCNA, CCNP
Ackersteinstrasse 203
CH-8049 Zurich
------------------------------------------------------------------
"Destiny is not a matter of chance, it is a matter of choice;
it is not a thing to be waited for, it is a thing to be achieved."
William Jennings Bryan